NIHVIVO-1379 If a user is logged in but not authorized to view a page, send them to a page with an explanation.

webapp/config/web.xml

@@ -395,6 +395,10 @@
     <servlet-name>EmptyController</servlet-name>
     <url-pattern>/login</url-pattern>
   </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>EmptyController</servlet-name>
+    <url-pattern>/insufficientAuthorization</url-pattern>
+  </servlet-mapping>
   
   <servlet>
     <servlet-name>RevisionInfoController</servlet-name>

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java

@@ -44,6 +44,7 @@ public class Controllers {
 
     public static final String LOGIN_JSP = "/login";
     public static final String LOGOUT_JSP = "/logout";
+	public static final String INSUFFICIENT_AUTHORIZATION = "/insufficientAuthorization";
     
     public static final String BASIC_JSP = "/templates/page/basicPage.jsp";
     public static final String DEBUG_JSP = "/templates/page/debug.jsp";

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java

@@ -75,7 +75,7 @@ public class VitroHttpServlet extends HttpServlet {
 	// ----------------------------------------------------------------------
 
 	/**
-	 * If not logged in, redirect them to the appropriate page.
+	 * If not logged in, redirect them to the login page.
 	 */
 	public static boolean checkLoginStatus(HttpServletRequest request,
 			HttpServletResponse response) {
@@ -83,39 +83,48 @@ public class VitroHttpServlet extends HttpServlet {
 		if (LoginStatusBean.getBean(request).isLoggedIn()) {
 			return true;
 		} else {
-			try {
 			redirectToLoginPage(request, response);
-			} catch (IOException ioe) {
-				log.error("checkLoginStatus() could not redirect to login page");
-			}
 			return false;
 		}
 	}
 
 	/**
-	 * If not logged in at the minimum level or higher, redirect them to the appropriate page.
+	 * If not logged in at the required level, redirect them to the appropriate page.
 	 */
 	public static boolean checkLoginStatus(HttpServletRequest request,
 			HttpServletResponse response, int minimumLevel) {
 		LogoutRedirector.recordRestrictedPageUri(request);
 		if (LoginStatusBean.getBean(request).isLoggedInAtLeast(minimumLevel)) {
 			return true;
+		} else if (LoginStatusBean.getBean(request).isLoggedIn()) {
+			redirectToInsufficientAuthorizationPage(request, response);
+			return false;
 		} else {
-			try {
 			redirectToLoginPage(request, response);
-			} catch (IOException ioe) {
-				log.error("checkLoginStatus() could not redirect to login page");
-			}
 			return false;
 		}
 	}
 
 	/**
-	 * Not adequately logged in. Send them to the login page, and then back to
+	 * Logged in, but with insufficent authorization. Send them to the
-	 * the page that invoked this.
+	 * corresponding page. They won't be coming back.
+	 */
+	public static void redirectToInsufficientAuthorizationPage(
+			HttpServletRequest request, HttpServletResponse response) {
+		try {
+			response.sendRedirect(request.getContextPath()
+					+ Controllers.INSUFFICIENT_AUTHORIZATION);
+		} catch (IOException e) {
+			log.error("Could not redirect to insufficient authorization page.");
+		}
+	}
+	
+	/**
+	 * Not logged in. Send them to the login page, and then back to the page
+	 * that invoked this.
 	 */
 	public static void redirectToLoginPage(HttpServletRequest request,
-			HttpServletResponse response) throws IOException {
+			HttpServletResponse response)  {
 		String postLoginRequest;
 
 		String queryString = request.getQueryString();
@@ -128,7 +137,12 @@ public class VitroHttpServlet extends HttpServlet {
 		LoginRedirector.setReturnUrlFromForcedLogin(request, postLoginRequest);
 		
 		String loginPage = request.getContextPath() + Controllers.LOGIN;
+		
+		try {
 			response.sendRedirect(loginPage);
+		} catch (IOException ioe) {
+			log.error("Could not redirect to login page");
+		}
 	}
 
 	/**

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/EmptyController.java

@@ -8,10 +8,7 @@ import java.util.Map;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vitro.webapp.beans.Portal;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
-import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet.ResponseValues;
-import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet.TemplateResponseValues;
 
 /*
  * Servlet that only specifies a template, without putting any data
@@ -25,12 +22,17 @@ public class EmptyController extends FreemarkerHttpServlet {
     private static final Map<String, String> urlsToTemplates = new HashMap<String, String>(){
         {
             put("/login", "login.ftl");
+            put("/insufficientAuthorization", "insufficientAuthorization.ftl");
         }
     };
 
     protected ResponseValues processRequest(VitroRequest vreq) {
         String requestedUrl = vreq.getServletPath();
         String templateName = urlsToTemplates.get(requestedUrl);
+        
+		log.debug("requestedUrl='" + requestedUrl + "', templateName='"
+				+ templateName + "'");
+		
         return new TemplateResponseValues(templateName);
     }    
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java

@@ -96,14 +96,8 @@ public class ConfirmLoginStatus extends BodyTagSupport {
 	}
 
 	private int redirectAndSkipPage() throws JspException {
-		try {
 		VitroHttpServlet.redirectToLoginPage(getRequest(), getResponse());
 		return SKIP_PAGE;
-		} catch (IOException ioe) {
-			throw new JspException(
-					"<vitro:confirmLoginStatus> could not redirect to login page",
-					ioe);
-		}
 	}
 
 	private HttpServletRequest getRequest() {

webapp/web/templates/freemarker/body/insufficientAuthorization.ftl

@@ -0,0 +1,14 @@
+<#-- $This file is distributed under the terms of the license in /doc/license.txt$ -->
+
+<#-- Template for the insufficient authorization page -->
+
+<section role="region">
+    <h2>Insufficient Authorization</h2>
+    
+    <p>
+      You are not authorized to view that page.
+    </p>
+
+    <br/>
+    <a href="${urls.home}">Continue</a>
+</section>